Android Messages App

Trend Micro discovered a denial-of-service vulnerability, CVE-2017-0780, in the Android Messages application for mobile devices. The vulnerability has been confirmed for Nexus and Pixel devices, but likely affects other mobile devices running the Android operating system. A remote threat actor can send a target a malformed multimedia message (MMS) that causes the app to crash. The user will be incapable of recovering from the crash even after a device or system reboots in safe mode; the user will be forced to reset their device to its factory settings or use an alternative, unaffected messaging app to remove the malicious MMS file manually. The NJCCIC recommends Android mobile device users review the Trend Micro report and consider disabling the Android Messages app and using an alternative messaging app until the user has applied the September 2017 Android operating system update.

AdvisoryNJCCICAndroid, Mobile, Google